<?php // Add more security checks here! $imgpath = $_GET["imgpath"]; ?> <head> <script> function imglink () { // HTML Entities for blank spaces are:   \xa0 location.href="<?php echo $imgpath ?>?foo=\"><a\xa0href=\"http://www.example.com\">Anchortext</a>"; } </script> </head> <body onload="imglink()"> </body>